Read only devices (Re: BoS: amodload.tar.gz - ...)

[wam () fedex com (William McVey)]

Dana Bourgeois wrote:
> With writeable CDROM drives around $700, has anybody considered setting up
> their system from the Solaris CD, adding whatever software they need/want
> to the machine and then backing the disk to WCDROM?  It would seem that if
> data files are backed up at regular intervals to the standard backup
> system, the pure system could be quickly recreated any time there was a
> question about break-ins.  Maybe even on a regular basis.

It seems to me that this is the same as performing backups of your
system onto tape.  You still have the problem of needing to know
when you've compromised and needing to know what backup tapes (or
CDs) are tainted with hostile bits.

What would be really neat (albeit slow if you didn't have enough
memory to keep common executables in core) would be running your
operating system entirely off of cdrom (with perhaps things like
/tmp, home directories and /var on disk).  Then trojaning a system
executable becomes very difficult indeed.  Of course you really don't
get much of an advantage from using a cdrom as opposed to using a
disk with hardware write protection engaged.

 -- William